EDITH

Compliance

PCI-DSS, SOC 2, GDPR, Play Store, App Store. 62 controls, 295+ mappings.


What's covered

EDITH maps every finding to specific controls across 5 compliance frameworks:

  • PCI-DSS 4.0 — 16 controls (injection, broken auth, encryption, secure transmission)
  • SOC 2 — 10 controls (logical access, data restriction, monitoring, change management)
  • GDPR — 14 controls (security obligations, data minimisation, erasure, portability, consent)
  • Google Play Store — 11 controls (data safety form, secure transmission, session management, accessibility)
  • Apple App Store — 11 controls (ATS, keychain, session, review guidelines 5.1.1 / 5.1.2)

Total: 62 controls, 295+ check↔control mappings.

Evidence reports

Pro and Agency plans generate a signed PDF that maps every finding to the framework controls it violates or satisfies. The report includes:

  • Per-framework pass/fail percentage
  • Per-control evidence with check ID + scan timestamp
  • Continuous scan history
  • White-label option (Agency tier)

Hand it to your SOC 2 auditor on day one.

Live compliance dashboard

Signed-in users see live compliance status at /audit with per-framework percentages and per-control evidence. Drill into any framework to see which checks back which controls.

What EDITH can and can't certify

EDITH covers the development-facing controls. We can't evaluate:

  • Process controls (MFA enforcement, incident response, training)
  • Physical security
  • Vendor management

For a full audit you still need a human. EDITH compresses the developer evidence collection from weeks to one button.